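<?php
defined('_JEXEC') or die('Direct Access to this location is not allowed.');

/**
 * Upload handling for the Simple File Upload module (v1.3).
 *
 * Review notes on the checks this class performs on uploads:
 *  - Script uploads are filtered by an extension blacklist plus a
 *    double-extension / ".php" substring test; there is no extension allow-list.
 *  - The MIME type compared with `upload_filetypes` is the value the client sent
 *    in the multipart request, not a type detected from the file content.
 *  - Archive extraction (`upload_unzip`) writes archive members into the upload
 *    directory without applying any of those checks to the members.
 *  Because of this the upload directory should be configured so that the web
 *  server never executes anything stored in it.
 *
 * The methods are declared static because the class invokes its own methods with
 * `ModSimpleFileUploaderHelperv13::method()` syntax; calls on an instance keep working.
 */
class ModSimpleFileUploaderHelperv13
{
    /**
     * Escape a value for use in HTML text or a quoted HTML attribute.
     *
     * @param mixed $value Value to escape (cast to string).
     *
     * @return string
     */
    private static function escHtml($value)
    {
        $flags = ENT_QUOTES;
        if (defined('ENT_SUBSTITUTE')) {
            // Keep invalid byte sequences visible as U+FFFD instead of returning "".
            $flags |= ENT_SUBSTITUTE;
        }

        return htmlspecialchars((string) $value, $flags, 'UTF-8');
    }

    /**
     * Process the files posted in `uploadedfile<mid>[]` and return an HTML report.
     *
     * Each file is checked (blacklist, double extension, PHP error code, MIME list,
     * GIF comment, size), optionally resized/compressed with GD, stored in
     * `$upload_location`, optionally described by a form-fields file, optionally
     * extracted when it is an archive, and finally listed in a notification e-mail.
     * Client-controlled values (file name, MIME type) are HTML-escaped before they
     * are placed into the returned markup.
     *
     * @param object $params          Module parameters; only `get($key, $default)` is used.
     * @param string $upload_location Target directory; file names are appended to it directly,
     *                                so it is expected to end with a path separator.
     * @param string $sfu_basepath    Not used by this method.
     * @param mixed  $mid             Module id, used as suffix of the `$_FILES`, `$_REQUEST`
     *                                and `$_SESSION` keys.
     * @param string $upload_users    "true" when the current user may upload, "false" otherwise.
     * @param string $users_name      Display name used in the HTML e-mail.
     *
     * @return string HTML fragment describing the outcome.
     */
    public static function getUploadForm(&$params, $upload_location, $sfu_basepath, $mid, $upload_users, $users_name)
    {
        // Get settings:
        $upload_maxsize = $params->get('upload_maxsize', '100000');
        $upload_filetypes = $params->get('upload_filetypes', '');
        $upload_fileexist = $params->get('upload_fileexist', '');
        $upload_email = $params->get('upload_email', '');
        $upload_emailmsg = $params->get('upload_emailmsg', '0');
        $upload_emailhtml = $params->get('upload_emailhtml', '1');
        $upload_unzip = $params->get('upload_unzip', '0');
        $upload_showerrmsg = $params->get('upload_showerrmsg', '1');
        $upload_showdircontent = $params->get('upload_showdircontent', '0');
        $upload_popshowpath = $params->get('upload_popshowpath', '1');
        $upload_popshowbytes = $params->get('upload_popshowbytes', '0');
        $upload_blacklist = $params->get('upload_blacklist', '.php .php3 .php4 .php5 .php6 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi .exe .bat .cmd .htaccess');
        $upload_doubleext = $params->get('upload_doubleext', '1');
        $upload_phpext = $params->get('upload_phpext', '1');
        $upload_gifcomment = $params->get('upload_gifcomment', '1');
        $upload_mailfrom = $params->get('upload_mailfrom', 'noreply@simplefileupload.com');
        $upload_maximgwidth = $params->get('upload_maximgwidth', '0');
        $upload_maximgheight = $params->get('upload_maximgheight', '0');
        $upload_compressimg = $params->get('upload_compressimg', '');
        $upload_disablegdlib = $params->get('upload_disablegdlib', '0');
        // NOTE(review): the key is spelled 'upload_diablegdthreshold'; left unchanged because
        // the module manifest is not visible here - confirm which spelling it declares.
        $upload_disablegdthreshold = $params->get('upload_diablegdthreshold', '0');
        $upload_thumbcreate = $params->get('upload_thumbcreate', '0');
        $upload_thumbsize = $params->get('upload_thumbsize', '40x40');
        $upload_thumbname = $params->get('upload_thumbname', 'sfuthumb');
        $upload_debug = $params->get('upload_debug', '0');
        $upload_formfields = $params->get('upload_formfields', '');
        $upload_useformsfields = $params->get('upload_useformsfields', '0');
        if ($upload_useformsfields == 0) $upload_formfields = "";
        $upload_formfieldsfile = $params->get('upload_formfieldsfile', '');
        $upload_formfieldsdiv = $params->get('upload_formfieldsdiv', '|');
        $upload_nohtmlencoding = $params->get('upload_nohtmlencoding', '0');
        $upload_replacetag = $params->get('upload_replacetag', '0');

        $fkey = "uploadedfile$mid";
        $results = "";
        $fileCnt = 0;
        $fileErr = 0;
        $written = 0;
        $filename = "";
        $fileList = "";
        $fileInfo = "";
        // Set once for the whole request: after one rejected file the remaining files of
        // the same request are rejected as well (original behaviour, kept as is).
        $filetypeok = true;
        $filetype = "";
        $blacklist = explode(" ", $upload_blacklist);
        $formfieldsval = array();
        $formfieldsemail = array();
        $chkfileexist = "";
        $baseurl = "";
        $serverurl = "";
        $protocol = "http://";

        // The scheme is taken from the client-sent Referer header; it only feeds the
        // display links built below. A missing header no longer raises a warning.
        $referer = isset($_SERVER["HTTP_REFERER"]) ? (string) $_SERVER["HTTP_REFERER"] : "";
        if (substr($referer, 0, 5) === "https") $protocol = "https://";

        $folder = substr($_SERVER['SCRIPT_NAME'], 0, strrpos($_SERVER['SCRIPT_NAME'], "/"));
        if ($folder === "//") $folder = "";

        // Check if relative path
        if (substr($upload_location, 0, 1) === ".") {
            $serverurl .= str_replace(".", $protocol.$_SERVER["HTTP_HOST"].$folder, $upload_location);
            // Fix Windows path...
            $baseurl .= str_replace("\\", "", $serverurl);
        } else {
            if ((substr($upload_location, 1, 2) === ":\\") || (substr($upload_location, 0, 1) === "/")) {
                // Server root path
                $baseurl = "file://".str_replace("\\", "/", $upload_location);
            } else {
                $serverurl = str_replace("\\", "/", $_SERVER["DOCUMENT_ROOT"]);
                $baseurl = str_replace("\\", "/", $upload_location);
                $baseurl = str_replace($serverurl, "", $baseurl);
                $baseurl = $protocol.$_SERVER["HTTP_HOST"].$folder."/".$baseurl;
            }
        }

        // Replace space with %20 for URL
        $baseurl = str_replace(" ", "%20", $baseurl);
        // Make sure it ends with front slash
        if (substr($baseurl, strlen($baseurl) - 1) !== "/") {
            $baseurl .= "/";
        }

        if (isset($_FILES[$fkey]["name"]) && is_array($_FILES[$fkey]["name"])) {
            $fileCnt = count($_FILES[$fkey]["name"]);
        }

        for ($cnt = 0; $cnt < $fileCnt; $cnt++) {
            if ((strlen($_FILES[$fkey]["name"][$cnt]) > 0) && ($upload_users === "true")) {
                // File name and MIME type come from the request; these escaped copies are
                // the only form in which they are written into the HTML report.
                $safeName = self::escHtml($_FILES[$fkey]["name"][$cnt]);
                $safeType = self::escHtml($_FILES[$fkey]["type"][$cnt]);

                // Check blacklist first. Each entry is used as a regular expression
                // fragment anchored at the end of the name, so "." matches any character.
                foreach ($blacklist as $file) {
                    $filename = $_FILES[$fkey]["name"][$cnt];
                    if (preg_match("/$file\$/i", $filename)) {
                        $filetypeok = false;
                        break;
                    }
                }

                // Check double extension
                if ($upload_doubleext === "1" || $upload_phpext === "1") {
                    $exts = explode('.', $filename);
                    // There is more than one dot!
                    if (count($exts) > 2) {
                        // Any double extension blocked
                        if ($upload_doubleext === "1") $filetypeok = false;
                        if ($upload_phpext === "1") {
                            // Block .php.
                            if (strtolower($exts[count($exts) - 2]) === "php") $filetypeok = false;
                        }
                    } else {
                        // Check and block any .php combination
                        if (stripos($filename, ".php") !== false) $filetypeok = false;
                    }
                }

                if ($_FILES[$fkey]["error"][$cnt] > 0) {
                    // Check if there was any error
                    $filetypeok = false;
                }

                if ($filetypeok) {
                    $fileList .= $_FILES[$fkey]["name"][$cnt] . "|";
                    // Client-declared MIME type; it is not verified against the content.
                    $filetype = $_FILES[$fkey]["type"][$cnt];
                    $fileInfo .= "(" . JText::_('TYPE') . ": " . $filetype . " " . JText::_('SIZE') . ": " . $_FILES[$fkey]["size"][$cnt] . " " . JText::_('BYTES') . ")|";
                    if ($filetype === "") $filetype = "false";
                    if (stripos($upload_filetypes, $filetype) === false) {
                        $filetypeok = false;
                    } else {
                        $filetypeok = true;
                    }
                    if ($upload_filetypes === "*") {
                        $filetypeok = true;
                    }
                    // Check if GIF and block GIF Comment
                    if ($upload_gifcomment === "1" && (preg_match("/.gif\$/i", $_FILES[$fkey]["name"][$cnt]))) {
                        $comment = self::getGIFComment($_FILES[$fkey]["tmp_name"][$cnt], $upload_debug);
                        if (stripos($comment, "getGIFComment:BLOCK") !== false) {
                            $filetypeok = false;
                        }
                        if ($upload_debug == 1) $results .= $comment;
                    }
                }

                if (($filetypeok) && ($_FILES[$fkey]["size"][$cnt] < $upload_maxsize)) {
                    $errmsg = "";
                    $new_filename = "";
                    if ($_FILES[$fkey]["error"][$cnt] > 0) {
                        if (($_FILES[$fkey]["size"][$cnt] == 0) && ($_FILES[$fkey]["error"][$cnt] == 2)) {
                            $errmsg = "(<span style='color:#dd2222'>".$safeName.")</span>".JText::sprintf('ERROR_TOO_BIG', "<br />[PHP Error: " . $_FILES[$fkey]["error"][$cnt]) . "]<br />";
                        } else {
                            $errmsg = "(<span style='color:#dd2222'>".$safeName.")</span>".JText::sprintf('ERROR_LABEL', $_FILES[$fkey]["error"][$cnt]) . "<br />";
                        }
                        if ($upload_showerrmsg == 1) $results .= $errmsg;
                        else $results .= JText::_('UPLOAD_FAILED');
                        $fileErr = 1;
                    } else {
                        $bytesfilesize = $_FILES[$fkey]["size"][$cnt];
                        // Check to see if GD lib functions should be skipped
                        if ($upload_disablegdthreshold > 0) {
                            if ($bytesfilesize >= $upload_disablegdthreshold) $upload_disablegdlib = 1;
                        }
                        $filesize = self::getFileSizePP($bytesfilesize);
                        if (($upload_popshowbytes == 1) && ($bytesfilesize != $filesize)) $filesize = $filesize . " (" . $bytesfilesize . " " . JText::_('BYTES') . ")";

                        $results .= "<span style='color:#55dd55'>".JText::sprintf('FILE_UPLOAD_LABEL', $safeName) . "</span><br />";
                        $results .= JText::sprintf('FILE_TYPE_LABEL', $safeType) . "<br />";
                        $results .= JText::sprintf('FILE_SIZE_LABEL', $filesize) . "<br />";

                        // Reset per file: a "no" left over from an earlier file of the same
                        // request must not let this file overwrite an existing one when the
                        // policy is "fail if the file exists".
                        $chkfileexist = "";
                        if (file_exists($upload_location . $_FILES[$fkey]["name"][$cnt])) {
                            if ($upload_fileexist === "0") {
                                // FAIL
                                $results .= "<br /><strong>" . JText::sprintf('FILE_EXISTS_MSG', $safeName) . "</strong><br /><br />" . JText::_('FILE_EXISTS_CORR');
                                $fileErr = 1;
                            }
                            if ($upload_fileexist === "2" || $upload_fileexist === "1") {
                                // BACKUP (for "replace" the backup is deleted once the new file is stored)
                                $new_filename = $_FILES[$fkey]["name"][$cnt] . microtime();
                                rename($upload_location . $_FILES[$fkey]["name"][$cnt], $upload_location . $new_filename);
                                if ($upload_fileexist === "1") $results .= JText::_('FILE_EXISTS_REPLACE') . "<br />";
                                else $results .= JText::sprintf('FILE_EXISTS_BACKUP', self::escHtml($new_filename)) . "<br />";
                                $new_filename = $upload_location . $new_filename;
                                $chkfileexist = "no";
                            }
                        } else {
                            $chkfileexist = "no";
                        }

                        if ($chkfileexist === "no") {
                            // Resize and/or compress?
                            $image_resize = false;
                            $img_compressimg = 0;
                            $img_maximgheight = 0;
                            $img_maximgwidth = 0;

                            // Check size of images before moving
                            if (self::gd_get_info() && $upload_disablegdlib == 0) {
                                if (($img = @getimagesize($_FILES[$fkey]["tmp_name"][$cnt])) && (((is_numeric($upload_maximgwidth) && $upload_maximgwidth > 0) || (is_numeric($upload_maximgheight) && $upload_maximgheight > 0)) || ($upload_thumbcreate == 1))) {
                                    list($width, $height, $type, $attr) = getimagesize($_FILES[$fkey]["tmp_name"][$cnt]);
                                    // Make sure we have a valid compression ratio
                                    if (!is_numeric($upload_compressimg) || $upload_compressimg > 100 || $upload_compressimg <= 0) $img_compressimg = 100;
                                    else $img_compressimg = $upload_compressimg;
                                    if ($upload_maximgheight == 0) $img_maximgheight = $height;
                                    else $img_maximgheight = $upload_maximgheight;
                                    if ($upload_maximgwidth == 0) $img_maximgwidth = $width;
                                    else $img_maximgwidth = $upload_maximgwidth;
                                    $ratioh = $img_maximgheight / $height;
                                    $ratiow = $img_maximgwidth / $width;
                                    $ratio = min($ratioh, $ratiow);
                                    // New dimensions
                                    $n_width = intval($ratio * $width);
                                    $n_height = intval($ratio * $height);
                                    $errmsg = "";
                                    $oim = false;
                                    switch ($type) {
                                        case 1: // 'image/gif'
                                            if (imagetypes() & IMG_GIF) { // not the same as IMAGETYPE
                                                $oim = imageCreateFromGIF($_FILES[$fkey]["tmp_name"][$cnt]);
                                            } else {
                                                $errmsg = "GIF ".JText::_('IMG_TYPE_FAIL')."<br />";
                                            }
                                            break;
                                        case 2: // 'image/jpeg'
                                            if (imagetypes() & IMG_JPG) {
                                                $oim = imageCreateFromJPEG($_FILES[$fkey]["tmp_name"][$cnt]);
                                            } else {
                                                $errmsg = "JPEG ".JText::_('IMG_TYPE_FAIL')."<br />";
                                            }
                                            break;
                                        case 3: // 'image/png'
                                            if (imagetypes() & IMG_PNG) {
                                                $oim = imageCreateFromPNG($_FILES[$fkey]["tmp_name"][$cnt]);
                                                $img_compressimg = round($img_compressimg / 10); // Quality is 0-9 for PNG
                                                if ($img_compressimg >= 10) $img_compressimg = 9; // If user has set quality to 100
                                            } else {
                                                $errmsg = "PNG ".JText::_('IMG_TYPE_FAIL')."<br />";
                                            }
                                            break;
                                        case 15: // 'image/wbmp'
                                            if (imagetypes() & IMG_WBMP) {
                                                $oim = imageCreateFromWBMP($_FILES[$fkey]["tmp_name"][$cnt]);
                                            } else {
                                                $errmsg = "WBMP ".JText::_('IMG_TYPE_FAIL')."<br />";
                                            }
                                            break;
                                        default:
                                            $errmsg = $type." ".JText::_('IMG_TYPE_FAIL')."<br />";
                                            break;
                                    }
                                    // A file whose header looks like an image can still fail to
                                    // decode; treat that as an unsupported image instead of
                                    // handing a non-image value to the GD calls below.
                                    if ($errmsg === "" && !$oim) {
                                        $errmsg = $type." ".JText::_('IMG_TYPE_FAIL')."<br />";
                                    }

                                    if ($errmsg === "") {
                                        // If thumbnail
                                        $thumbfilename = "";
                                        if ($upload_thumbcreate == 1) {
                                            $img_thumbsize = strtolower($upload_thumbsize);
                                            $img_thumbsize = explode("x", $img_thumbsize);
                                            if (is_array($img_thumbsize)) {
                                                if (count($img_thumbsize) == 2) {
                                                    if (is_numeric($img_thumbsize[0]) && is_numeric($img_thumbsize[1])) {
                                                        $ttim = imagecreatetruecolor($img_thumbsize[0], $img_thumbsize[1]);
                                                        imagecopyresampled($ttim, $oim, 0, 0, 0, 0, $img_thumbsize[0], $img_thumbsize[1], $width, $height);
                                                        $ext = substr(strrchr($_FILES[$fkey]["name"][$cnt], '.'), 1);
                                                        $thumbfilename .= substr($_FILES[$fkey]["name"][$cnt], 0, (strlen($_FILES[$fkey]["name"][$cnt]) - (strlen($ext) + 1))) . "_" . $upload_thumbname . "." . $ext;
                                                        // Make thumb as a link
                                                        $results .= JText::_('IMG_THUMB_FILE') . ' <a href="'.self::escHtml($baseurl.str_replace(" ", "%20", $thumbfilename)).'" target="blank">'.self::escHtml($thumbfilename).'</a><br/>';
                                                        // Add path to thumb filename
                                                        $thumbfilename = $upload_location . $thumbfilename;
                                                    }
                                                }
                                            }
                                        }

                                        // Only thumbnail, no resize
                                        // NOTE(review): both settings are strings as read above, so this
                                        // strict comparison with integer 0 holds whenever they are strings.
                                        if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0) {
                                            $tim = imagecreatetruecolor($n_width, $n_height);
                                            imagecopyresampled($tim, $oim, 0, 0, 0, 0, $n_width, $n_height, $width, $height);
                                        }

                                        switch ($type) {
                                            case 1:
                                                if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0) imageGIF($tim, $upload_location . $_FILES[$fkey]["name"][$cnt]);
                                                if ($thumbfilename !== "") imageGIF($ttim, $thumbfilename);
                                                $image_resize = true;
                                                break;
                                            case 2:
                                                if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0) imageJPEG($tim, $upload_location . $_FILES[$fkey]["name"][$cnt], $img_compressimg);
                                                if ($thumbfilename !== "") imageJPEG($ttim, $thumbfilename);
                                                $img_compressimg = "";
                                                $image_resize = true;
                                                break;
                                            case 3:
                                                if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0) imagePNG($tim, $upload_location . $_FILES[$fkey]["name"][$cnt], $img_compressimg);
                                                if ($thumbfilename !== "") imagePNG($ttim, $thumbfilename);
                                                $img_compressimg = "";
                                                $image_resize = true;
                                                break;
                                            case 15:
                                                if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0) imageWBMP($tim, $upload_location . $_FILES[$fkey]["name"][$cnt]);
                                                if ($thumbfilename !== "") imageWBMP($ttim, $thumbfilename);
                                                // Was placed after the break and therefore never executed.
                                                $image_resize = true;
                                                break;
                                            default:
                                                $image_resize = false;
                                                break;
                                        }

                                        // Only thumbnail, no resize
                                        if ($upload_maximgheight !== 0 && $upload_maximgwidth !== 0) {
                                            imagedestroy($tim);
                                            if ($image_resize) $results .= JText::_('IMG_ORIG_RESIZE')."<br />";
                                            else $results .= JText::_('IMG_RESIZE_FAIL')."<br />";
                                        } else {
                                            $image_resize = false;
                                        }
                                        imagedestroy($oim);
                                        if ($thumbfilename !== "") imagedestroy($ttim);
                                    } else {
                                        $fileErr = 1;
                                        $results .= JText::_('FAIL_REQUEST') . "<br />";
                                        $_SESSION["failedfile"] .= $_FILES[$fkey]["name"][$cnt]." (".JText::_('IMG_SAVE_FAIL').", ".$errmsg.")</br />";
                                    }
                                }

                                if (($img = @getimagesize($_FILES[$fkey]["tmp_name"][$cnt])) && (!$image_resize) && ($upload_compressimg !== "") && is_numeric($upload_compressimg)) {
                                    // Compress JPEG? This only happens if no resize!
                                    list($width, $height, $type, $attr) = getimagesize($_FILES[$fkey]["tmp_name"][$cnt]);
                                    // Make sure we have a valid compression ratio. The configured value is
                                    // now applied when it is in range; before, the quality stayed at its
                                    // initial 0 in that case.
                                    if ($upload_compressimg > 100 || $upload_compressimg <= 0) $img_compressimg = 100;
                                    else $img_compressimg = $upload_compressimg;
                                    if (($type == 2) && (is_numeric($img_compressimg)) && ($fileErr == 0)) {
                                        $oim = imagecreatefromjpeg($_FILES[$fkey]["tmp_name"][$cnt]);
                                        if ($oim && imagejpeg($oim, $upload_location . $_FILES[$fkey]["name"][$cnt], $img_compressimg)) {
                                            $fileErr = 0;
                                            $image_resize = true;
                                        } else {
                                            $fileErr = 1;
                                            $results .= JText::_('FAIL_REQUEST') . "<br />";
                                            $_SESSION["failedfile"] .= $_FILES[$fkey]["name"][$cnt]." (".JText::_('IMG_COMPRESS_FAIL').")</br />";
                                        }
                                        if ($oim) imagedestroy($oim);
                                    }
                                    // Compress PNG? This only happens if no resize!
                                    if (($type == 3) && (is_numeric($upload_compressimg)) && ($fileErr == 0)) {
                                        $oim = imagecreatefrompng($_FILES[$fkey]["tmp_name"][$cnt]);
                                        // Divide by 10 like the resize path above (was / 100, which can
                                        // only produce 0 or 1 and never reaches the ">= 10" clamp).
                                        $img_compressimg = round($upload_compressimg / 10); // Quality is 0-9 for PNG
                                        if ($img_compressimg >= 10) $img_compressimg = 9; // If user has set quality to 100
                                        if ($oim && imagepng($oim, $upload_location . $_FILES[$fkey]["name"][$cnt], $img_compressimg)) {
                                            $fileErr = 0;
                                            $image_resize = true;
                                        } else {
                                            $fileErr = 1;
                                            $results .= JText::_('FAIL_REQUEST') . "<br />";
                                            $_SESSION["failedfile"] .= $_FILES[$fkey]["name"][$cnt]." (".JText::_('IMG_COMPRESS_FAIL').")</br />";
                                        }
                                        if ($oim) imagedestroy($oim);
                                    }
                                    if ($image_resize) $results .= JText::_('IMG_ORIG_COMPRESS')."<br />";
                                    else $results .= JText::_('IMG_COMPRESS_FAIL')."<br />";
                                }
                            }

                            // If image has been resized it is already saved
                            if (!$image_resize) {
                                if (move_uploaded_file($_FILES[$fkey]["tmp_name"][$cnt], $upload_location . $_FILES[$fkey]["name"][$cnt])) {
                                    $fileErr = 0;
                                } else {
                                    $fileErr = 1;
                                    $results .= JText::_('FAIL_REQUEST') . "<br />";
                                    $_FILES[$fkey]["name"][$cnt] = "";
                                }
                            }

                            // Form Fields
                            if (($upload_useformsfields == 1) && (strlen($upload_formfields) > 0) && ($fileErr == 0)) {
                                $fields = explode(";", $upload_formfields);
                                $valname = "";
                                $valfile = "";
                                $fffield = "";
                                $formfieldsemail[$cnt] = "";
                                $ffraw = isset($_REQUEST["sfuFormFields$mid"]) ? (string) $_REQUEST["sfuFormFields$mid"] : "";
                                // With upload_nohtmlencoding = 1 the submitted values are stored and
                                // mailed exactly as sent.
                                if ($upload_nohtmlencoding == 1) $ffform = trim($ffraw);
                                else $ffform = htmlentities(trim($ffraw), ENT_NOQUOTES, "utf-8");
                                // Debug mode prints the whole request into the response.
                                if ($upload_debug == 1) print_r($_REQUEST);
                                // NOTE(review): as shown, both replacements map a character to itself;
                                // presumably the search strings were HTML entities before this listing
                                // was rendered - confirm against the packaged file.
                                if ($upload_replacetag == 1) $ffform = str_replace(">", ">", str_replace("<", "<", $ffform));
                                if ($upload_debug == 1) $results .= "ffform=$ffform<br/>";
                                $ffform = explode("[||]", $ffform);
                                // If create a row in the form fields file...
                                if (strlen($upload_formfieldsfile) > 0) $valfile = $_FILES[$fkey]["name"][$cnt].$upload_formfieldsdiv;
                                for ($iff = 0; $iff < count($ffform); $iff++) {
                                    $valname = $ffform[$iff];
                                    $fffield = explode("=", $valname);
                                    // A pair without "=" contributes an empty value.
                                    $ffvalue = isset($fffield[1]) ? $fffield[1] : "";
                                    foreach ($fields as $fld) {
                                        $valname = "sfuff".$mid."_".$fld."_".$_FILES[$fkey]["name"][$cnt];
                                        if ($valname === $fffield[0]) {
                                            if (strlen($upload_formfieldsfile) > 0) $valfile .= $ffvalue.$upload_formfieldsdiv;
                                            else $valfile .= $fld."=".$ffvalue."\n";
                                            // Store for e-mail, use same counter as file
                                            $formfieldsemail[$cnt] .= $fld."=".$ffvalue."\n";
                                        }
                                    }
                                    if ($upload_debug == 1) $results .= "valname=$valname<br/>";
                                }
                                if (strlen($upload_formfieldsfile) > 0) {
                                    // Remove last pipe
                                    $valfile = substr($valfile, 0, -1);
                                    // Check if we got something
                                    if ($valfile === $_FILES[$fkey]["name"][$cnt]) $valfile = "";
                                }
                                if ($upload_debug == 1) $results .= "valfile=$valfile<br/>";
                                if ((strlen($valfile) > 0) && (strlen($upload_formfieldsfile) == 0)) {
                                    // Write the file:
                                    $ffFile = $upload_location . $_FILES[$fkey]["name"][$cnt] . ".txt";
                                    if ($upload_debug == 1) $results .= "ffFile=$ffFile<br/>";
                                    $fh = fopen($ffFile, 'w') or $fileErr = 1;
                                    if ($fileErr == 1) {
                                        $results .= JText::_('FAIL_FORMFIELDS_FILE') . "<br />";
                                    } else {
                                        // Work-around kept from the original: re-encode before writing.
                                        $valfile = mb_convert_encoding($valfile, 'UTF-8');
                                        fwrite($fh, $valfile);
                                        fclose($fh);
                                    }
                                }
                                // Store for Form Fields File, use same counter as file
                                $formfieldsval[$cnt] = $valfile;
                            }

                            if (($upload_popshowpath == 1) && ($fileErr == 0)) {
                                $results .= JText::sprintf('FILE_SAVE_AS', '<a href="'.self::escHtml($baseurl.str_replace(" ", "%20", $_FILES[$fkey]["name"][$cnt])).'" target="blank">'.self::escHtml($baseurl.$_FILES[$fkey]["name"][$cnt]).'</a>').'<br /><br />';
                            }

                            if ($upload_fileexist === "1" && file_exists($new_filename)) {
                                if ($fileErr == 0) {
                                    // Delete (=replace) of old file
                                    unlink($new_filename);
                                } else {
                                    // Put original back if something went wrong
                                    rename($new_filename, $upload_location . $_FILES[$fkey]["name"][$cnt]);
                                }
                            }
                        }
                    }

                    // UNZIP
                    // NOTE(security): the archive type is decided from the client-declared MIME
                    // type, and extracted members are written to the upload directory without
                    // the blacklist / extension checks applied to the archive itself.
                    if (($upload_unzip == 1) && ($fileErr == 0)) {
                        if (($_FILES[$fkey]["type"][$cnt] === "application/x-tar") || ($_FILES[$fkey]["type"][$cnt] === "application/x-tar-compressed") || ($_FILES[$fkey]["type"][$cnt] === "application/tar-compressed")) {
                            // Directory and file name are quoted as single shell arguments, and tar
                            // only runs when the directory change succeeded.
                            $res = shell_exec("cd ".escapeshellarg($upload_location)." && tar -xvzf ".escapeshellarg($_FILES[$fkey]["name"][$cnt]));
                            if ($res === FALSE) {
                                $results .= "<p>".JText::_('MSG_UNZIP_ERROR')."</p>";
                            } else {
                                $results .= "<p>".JText::_('MSG_UNZIP')."</p>";
                            }
                        }
                        if (($_FILES[$fkey]["type"][$cnt] === "application/x-zip") || ($_FILES[$fkey]["type"][$cnt] === "application/x-zip-compressed") || ($_FILES[$fkey]["type"][$cnt] === "application/zip-compressed")) {
                            $zip = new ZipArchive;
                            $res = $zip->open($upload_location.$_FILES[$fkey]["name"][$cnt]);
                            if ($res === TRUE) {
                                $zip->extractTo($upload_location);
                                $zip->close();
                                $results .= "<p>".JText::_('MSG_UNZIP')."</p>";
                            } else {
                                $results .= "<p>".JText::_('MSG_UNZIP_ERROR')."</p>";
                            }
                        }
                    }
                    $_SESSION["uploaderr$mid"] = $fileErr;
                } else {
                    $fileErr = 1;
                    $errmsg = "(<span style='color:#dd2222'>".$safeName.")</span><div>".JText::sprintf('FILE_IN_ERROR', self::escHtml($filetype))."<br /> [".self::errCodeToMessage($_FILES[$fkey]["error"][$cnt])."]</div><br />";
                    $_SESSION["uploaderr$mid"] = 1;
                    if ($upload_showerrmsg == 1) $results .= $errmsg;
                    else $results .= JText::_('UPLOAD_FAILED')."<br /><br />";
                    if ($written == 0) {
                        $filesize = self::getFileSizePP($upload_maxsize);
                        $results .= JText::_('ALLOWED_TYPES') . ": " . $upload_filetypes . "<br />" . JText::_('FILE_MAX_SIZE') . ": " . $filesize . "<br /><br />";
                        $written = 1;
                    }
                }
            } else {
                if ($upload_users === "false") {
                    $_SESSION["uploaderr$mid"] = 1;
                    $results .= JText::_('NOT_ALLOWED_USER');
                }
            }
        } // end for

        // Create Form Fields file
        if ((count($formfieldsval) > 0) && (strlen($upload_formfieldsfile) > 0)) {
            // Write the file but read first if the same file exists from previous set:
            $valfile = "";
            $ffFile = $upload_location . $upload_formfieldsfile;
            if (file_exists($ffFile)) {
                $fileRows = explode("\n", file_get_contents($ffFile));
                for ($cnt = 0; $cnt < count($fileRows); $cnt++) {
                    $rowdata = $fileRows[$cnt];
                    // NOTE(review): this comparison is true for every row, including rows that
                    // do not contain the divider (false >= 0 holds). Left unchanged because a
                    // strict test would drop such rows from the rewritten file.
                    if (strpos($rowdata, $upload_formfieldsdiv) >= 0) {
                        $rowArray = explode($upload_formfieldsdiv, $rowdata);
                        if (strlen($rowArray[0]) > 0) {
                            $found = false;
                            for ($cnt2 = 0; $cnt2 < count($formfieldsval); $cnt2++) {
                                $ffArray = explode($upload_formfieldsdiv, $formfieldsval[$cnt2]);
                                // Equal on string seems not reliable. Maybe encoding issues but replace does the trick it seems.
                                if (strlen(str_replace($ffArray[0], "", $rowArray[0])) == 0) {
                                    $valfile .= $formfieldsval[$cnt2]."\n";
                                    $formfieldsval[$cnt2] = "";
                                    $found = true;
                                    break;
                                }
                            }
                            if (!$found) $valfile .= $rowdata."\n";
                        }
                    }
                }
            }
            $fh = fopen($ffFile, 'w') or $fileErr = 1;
            if ($fileErr == 1) {
                $results .= JText::_('FAIL_FORMFIELDS_FILE') . "<br />";
            } else {
                for ($cnt = 0; $cnt < count($formfieldsval); $cnt++) {
                    // Add the new files here
                    if (strlen($formfieldsval[$cnt]) > 0) $valfile .= $formfieldsval[$cnt]."\n";
                }
                // Don't make the file UTF-8 here as it totally messes up the reading of the file!
                fwrite($fh, $valfile);
                fclose($fh);
            }
        }

        // SHOW DIR CONTENT
        if (($upload_showdircontent == 1) && ($fileErr == 0)) {
            $results .= "<br /><div style=\"text-align: left\">";
            if ($bib = @opendir($upload_location)) {
                $fil_list = array();
                while (false !== ($lfile = readdir($bib))) {
                    if ($lfile !== "." && $lfile !== ".." && !preg_match("/^\..+/", $lfile) && $lfile !== "index.html") {
                        // Stored names were chosen by uploaders, so they are escaped on output.
                        $fil_list[] = "<a href=\"".self::escHtml("$upload_location/$lfile")."\" target=\"blank\">".self::escHtml($lfile)."</a>";
                    }
                }
                closedir($bib);
                if (count($fil_list) > 0) {
                    $liste = "<li>" . join("</li><li>", $fil_list) . "</li>";
                } else {
                    $liste = "<li>" . JText::_('NO_FILES_FOUND') . " " . $upload_location . "</li>";
                }
                $results .= "<h2>" . JText::_('FILES_IN_DIR') . " (" . $upload_location . "):</h2><ul>" . $liste . "</ul>";
            } else {
                $results .= "<h2>" . JText::_('NO_FILES_FOUND') . "</h2><br/>";
            }
            $results .= "</div><br/>";
        }

        // SEND E-MAIL
        if ((strlen($upload_email) > 0) && ($fileErr == 0)) {
            $to = $upload_email;
            $subject = JText::_('MAIL_SUBJECT');
            $infos = explode("|", $fileInfo);
            $text = "";
            $headers = "";
            if ($upload_emailhtml == 0) {
                for ($cnt = 0; $cnt < $fileCnt; $cnt++) {
                    if (strlen($_FILES[$fkey]["name"][$cnt]) > 0) $text .= $upload_location.$_FILES[$fkey]["name"][$cnt]." (".$baseurl.str_replace(" ", "%20", $_FILES[$fkey]["name"][$cnt]).")\r\n";
                    if (count($formfieldsemail) >= $cnt + 1) {
                        if (strlen($formfieldsemail[$cnt]) > 0) $text .= $formfieldsemail[$cnt] . "\r\n\r\n";
                    }
                }
                $body = JText::sprintf('MAIL_BODY', $_SERVER["HTTP_HOST"]);
                $body .= "\r\n\r\n".$text;
                $body .= "\r\n\r\n(Find out more about Simple File Upload for Joomla at http://wasen.net/)";
            } else {
                $text = "<br /><br/><table>";
                for ($cnt = 0; $cnt < $fileCnt; $cnt++) {
                    if (strlen($_FILES[$fkey]["name"][$cnt]) > 0) $text .= "<tr><td>".self::escHtml($upload_location.$_FILES[$fkey]["name"][$cnt])." (".self::escHtml($baseurl.str_replace(" ", "%20", $_FILES[$fkey]["name"][$cnt])).")</td><td>".self::escHtml(isset($infos[$cnt]) ? $infos[$cnt] : "")."</td></tr>";
                    if (count($formfieldsemail) >= $cnt + 1) {
                        if (strlen($formfieldsemail[$cnt]) > 0) {
                            // Form values were entity-encoded above unless upload_nohtmlencoding is on.
                            $fields = explode("\n", $formfieldsemail[$cnt]);
                            foreach ($fields as $f) $text .= "<tr><td>" . $f . "</td></tr>";
                        }
                    }
                }
                // Close the table (the original emitted a second opening tag here).
                $text .= "</table><br />";
                $body = JText::sprintf('MAIL_BODY', self::escHtml($_SERVER["HTTP_HOST"]));
                if (strlen($users_name) < 5) $users_name = "Anonymous (@".$_SERVER['REMOTE_ADDR'].")";
                $body .= " ".JText::sprintf('BY_USER', self::escHtml($users_name));
                $body .= $text;
                $body .= "<br /><br/><small>(Find out more about Simple File Upload for <a href='http://www.joomla.org/'>Joomla</a> at <a href='http://wasen.net/'>http://wasen.net/</a>)</small>";
                // To send HTML mail, the Content-type header must be set
                $headers = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                // Additional headers; line breaks are removed so the configured sender
                // address cannot add further header lines.
                $headers .= 'From: ' . str_replace(array("\r", "\n"), "", $upload_mailfrom) . "\r\n";
            }
            if (mail($to, $subject, $body, $headers)) {
                if ($upload_emailmsg == 1) $results .= "<p>".JText::_('MSG_SENT')."</p>";
            } else {
                if ($upload_emailmsg == 1) $results .= "<p>".JText::_('MSG_FAILED')."(To:".$to.")</p>";
            }
        }

        return $results;
    }

    /**
     * Tell whether GD is loaded with PNG, GIF, JPEG and WBMP support.
     *
     * @return bool True only when the extension is loaded and all four types are supported.
     */
    public static function gd_get_info()
    {
        if (!extension_loaded('gd')) {
            return false;
        }
        $required = IMG_PNG | IMG_GIF | IMG_JPG | IMG_WBMP;

        return (imagetypes() & $required) === $required;
    }

    /**
     * Format a byte count with a binary unit (B, KB, MB, GB, TB), rounded to two decimals.
     *
     * @param int|string $filesize Size in bytes; any falsy value yields "0 B".
     *
     * @return string
     */
    public static function getFileSizePP($filesize)
    {
        $kb = 1024;
        $mb = 1048576;
        $gb = 1073741824;
        $tb = 1099511627776;
        if (!$filesize) $filesize = '0 B';
        elseif ($filesize < $kb) $filesize = $filesize.' B';
        elseif ($filesize < $mb) $filesize = round($filesize / $kb, 2).' KB';
        elseif ($filesize < $gb) $filesize = round($filesize / $mb, 2).' MB';
        elseif ($filesize < $tb) $filesize = round($filesize / $gb, 2).' GB';
        else $filesize = round($filesize / $tb, 2).' TB';

        return $filesize;
    }

    /**
     * Map a PHP upload error code to its translated message.
     *
     * @param int $code One of the UPLOAD_ERR_* constants; anything else maps to UPLOAD_ERR_DEFAULT.
     *
     * @return string
     */
    public static function errCodeToMessage($code)
    {
        $message = "";
        switch ($code) {
            case UPLOAD_ERR_INI_SIZE:
                // The uploaded file exceeds the upload_max_filesize directive in php.ini
                $message = JText::_('UPLOAD_ERR_INI_SIZE');
                break;
            case UPLOAD_ERR_FORM_SIZE:
                // The uploaded file exceeds the MAX_FILE_SIZE directive of the HTML form
                $message = JText::_('UPLOAD_ERR_FORM_SIZE');
                break;
            case UPLOAD_ERR_PARTIAL:
                // The uploaded file was only partially uploaded
                $message = JText::_('UPLOAD_ERR_PARTIAL');
                break;
            case UPLOAD_ERR_NO_FILE:
                // No file was uploaded
                $message = JText::_('UPLOAD_ERR_NO_FILE');
                break;
            case UPLOAD_ERR_NO_TMP_DIR:
                // Missing a temporary folder
                $message = JText::_('UPLOAD_ERR_NO_TMP_DIR');
                break;
            case UPLOAD_ERR_CANT_WRITE:
                // Failed to write file to disk
                $message = JText::_('UPLOAD_ERR_CANT_WRITE');
                break;
            case UPLOAD_ERR_EXTENSION:
                // File upload stopped by extension
                $message = JText::_('UPLOAD_ERR_EXTENSION');
                break;
            default:
                // Unknown upload error
                $message = JText::_('UPLOAD_ERR_DEFAULT');
                break;
        }

        return $message;
    }

    /**
     * Look for a Comment Extension block in a GIF file and flag it when it contains "php".
     *
     * The stream is read byte by byte after the header; scanning stops at the first
     * comment extension, at a trailer byte, or at end of file. Only that first comment is
     * inspected, and other blocks are not parsed by their structure, so this is a
     * heuristic rather than a full GIF validation.
     *
     * @param string $filename     Path of the file to inspect.
     * @param mixed  $upload_debug When == 1, progress messages are added to the result.
     *
     * @return string Starts with "getGIFComment:BLOCK" or "getGIFComment:OK" when a comment
     *                extension was processed; always ends with "<br/>".
     */
    public static function getGIFComment($filename, $upload_debug)
    {
        $retval = "";
        $fd = fopen($filename, 'rb');
        if ($fd) {
            if ($upload_debug == 1) $retval .= "<br/>getGIFComment: File opened!";
            // Read GIF header
            $data = fread($fd, 6);
            if ($data == 'GIF87a' or $data == 'GIF89a') {
                if ($upload_debug == 1) $retval .= "<br/>getGIFComment: We've found a GIF";
                // Read Logical Screen Descriptor; padded so a truncated file reads as zeros
                $data = str_pad((string) fread($fd, 7), 7, "\0");
                $width = (ord($data[1]) << 8) + ord($data[0]);
                $height = (ord($data[3]) << 8) + ord($data[2]);
                if ($upload_debug == 1) $retval .= "<br/>getGIFComment: GIF width: ".$width;
                if ($upload_debug == 1) $retval .= "<br/>getGIFComment: GIF height: ".$height;
                $done = false;
                while (!$done) {
                    // ord("") is 0, so a read at end of file yields block type 0.
                    $blockType = ord((string) fread($fd, 1));
                    if ($blockType == 0x21) { // Extension Introducer
                        $extensionLabel = ord((string) fread($fd, 1));
                        if ($extensionLabel == 0xfe) { // Comment Extension
                            $commentBlockDone = false;
                            $comment = "";
                            while (!$commentBlockDone) {
                                $blockBytes = ord((string) fread($fd, 1));
                                if ($blockBytes) {
                                    $comment .= fread($fd, $blockBytes);
                                } else {
                                    $commentBlockDone = true;
                                }
                            }
                            if ($comment) {
                                // The comment text comes from the uploaded file; escape it
                                // before it is echoed in debug output.
                                if ($upload_debug == 1) $retval .= "<br/>getGIFComment: GIF has comment: ".self::escHtml($comment);
                                if (stripos($comment, "php") !== false) {
                                    $retval = "getGIFComment:BLOCK".$retval;
                                } else {
                                    $retval = "getGIFComment:OK".$retval;
                                }
                            } else {
                                if ($upload_debug == 1) $retval .= "<br/>getGIFComment: No GIF comment found!";
                                $retval = "getGIFComment:OK".$retval;
                            }
                            $done = true;
                        }
                    } else if ($blockType == 0x3b) { // Trailer, end of stream
                        if ($upload_debug == 1) $retval .= "<br/>getGIFComment: GIF stream terminated by Trailer block";
                        $done = true;
                    }
                    if (feof($fd)) {
                        if ($upload_debug == 1) $retval .= "<br/>getGIFComment: GIF stream terminated by EOF";
                        $done = true;
                    }
                }
            }
            // The handle was never released before.
            fclose($fd);
        } else {
            if ($upload_debug == 1) $retval .= "<br/>getGIFComment: File failed!";
        }

        return $retval."<br/>";
    }
}

/**
 * AJAX endpoints of the module: CAPTCHA image generation and the credential,
 * CAPTCHA and session checks driven by request parameters.
 */
class SFUAjaxServlet
{
    /**
     * Read a query-string parameter as a string.
     *
     * @param string $key Parameter name.
     *
     * @return string The value, or "" when it is missing or not a string (e.g. an array).
     */
    private static function getString($key)
    {
        return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : "";
    }

    /**
     * Compare two strings without leaking the position of the first difference
     * where hash_equals() is available.
     *
     * @param mixed $known Stored value (cast to string).
     * @param mixed $given Value supplied by the client; a non-string never matches.
     *
     * @return bool
     */
    private static function safeEquals($known, $given)
    {
        if (!is_string($given)) {
            return false;
        }
        $known = (string) $known;
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }

        return $known === $given;
    }

    /**
     * Pick a random index in [0, $max], from the CSPRNG when the runtime offers one.
     *
     * @param int $max Highest index to return.
     *
     * @return int
     */
    private static function randomIndex($max)
    {
        return function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
    }

    /**
     * Draw a five-character CAPTCHA, store its text in `$_SESSION["capString<mid>"]`
     * and echo the JPEG (base64-encoded when `$source` is 'site').
     *
     * @param string $sfu_version Module version, used to locate tmpl/arial.ttf.
     * @param array  $bgcolor     [min, max] range for the colour of the noise lines.
     * @param mixed  $mid         Module id used as session key suffix.
     * @param string $source      'site' for base64 output, anything else for raw bytes.
     *
     * @return void
     */
    public function getCaptcha($sfu_version, $bgcolor, $mid, $source)
    {
        // Silence GD notices while drawing, then restore the previous level; the original
        // switched to E_ALL afterwards regardless of the configured level.
        $previousLevel = error_reporting(0);

        $myCryptBase = "AB0CDE1FG2HIJ3KL4MNO5PQ6RST7UV8WX9YZ";
        $capString = "";
        $image = imagecreatetruecolor(150, 60);
        $white = imagecolorallocate($image, 255, 255, 255);
        $rndm = imagecolorallocate($image, rand($bgcolor[0], $bgcolor[1]), rand($bgcolor[0], $bgcolor[1]), rand($bgcolor[0], $bgcolor[1]));
        imagefill($image, 0, 0, $white);
        $folder_captcha_class = JPATH_SITE.DIRECTORY_SEPARATOR.'modules'.DIRECTORY_SEPARATOR.'mod_simplefileuploadv'.$sfu_version.DIRECTORY_SEPARATOR.'tmpl';
        $fontName = $folder_captcha_class."/arial.ttf";

        // Background noise (purely cosmetic, so rand() is kept).
        for ($x = 0; $x <= 1000; $x++) {
            $myX = rand(1, 148);
            $myY = rand(1, 58);
            imageline($image, $myX, $myY, $myX + rand(-5, 5), $myY + rand(-5, 5), $rndm);
        }

        for ($x = 0; $x <= 4; $x++) {
            $dark = imagecolorallocate($image, rand(5, 128), rand(5, 128), rand(5, 128));
            // The characters are the secret of the challenge, so they are not taken from
            // rand(); the index now also covers position 0 (the original used 1..35).
            $capChar = substr($myCryptBase, self::randomIndex(strlen($myCryptBase) - 1), 1);
            $capString .= $capChar;
            $fs = rand(20, 26);
            $myX = 15 + ($x * 28 + rand(-5, 5));
            $myY = rand($fs + 2, 55);
            $angle = rand(-30, 30);
            ImageTTFText($image, $fs, $angle, $myX, $myY, $dark, $fontName, $capChar);
        }
        $_SESSION["capString$mid"] = $capString;

        ob_start();
        header("Content-type: image/jpeg");
        // null requests direct output; the original passed an empty string as file name,
        // which newer PHP versions may treat as a path to open - TODO confirm on target.
        imagejpeg($image, null, 95);
        $result = ob_get_contents();
        ob_end_clean();
        if ($source === 'site') echo base64_encode($result);
        else echo $result;
        imagedestroy($image);

        error_reporting($previousLevel);
    }

    /**
     * Handle one AJAX action, echo the result and close the application.
     *
     * Actions: "sfuuser" (compare val1/val2 with the user name and md5 of the password
     * kept in the session), "sfucaptcha" (compare val1 with the stored CAPTCHA text) and
     * "sfukillsession" (destroy the session).
     *
     * Review notes: the credentials travel in the query string, the expected password
     * value is an unsalted md5 digest of a password held in clear text in the session,
     * and nothing here limits repeated attempts or invalidates a CAPTCHA after use.
     * These are protocol properties shared with the client side and are left unchanged.
     *
     * @param string $action Action name.
     *
     * @return void
     */
    public function getContent($action)
    {
        $retVal = "false";

        if ($action === "sfuuser") {
            // Missing or non-string parameters become "" so they can never match.
            $user = self::getString("val1");
            $pass = self::getString("val2");
            $mid = self::getString("mid");
            $session_username = "";
            $session_password = "";
            // TODO: Should I fetch this from DB if session has expired before trying to login... Else it will return failed...
            if (isset($_SESSION["upload_username$mid"])) {
                $session_username = $_SESSION["upload_username$mid"];
                $session_password = $_SESSION["upload_password$mid"];
            }
            if (strlen($session_username) == 0) {
                // Workaround for missing session user... should be from DB I guess...
                $retVal = JText::_('FAIL_CREDENTIALS');
            } else {
                $hashedpw = md5($session_password);
                // Strict string comparison: the original tested strcmp(...) == 0, and a loose
                // comparison also accepts the value strcmp() yields when it cannot compare
                // its arguments on older PHP versions.
                $userOk = self::safeEquals($session_username, $user);
                $passOk = self::safeEquals($hashedpw, $pass);
                if ($userOk && $passOk) {
                    $_SESSION["upload_username_ok$mid"] = $hashedpw;
                    $retVal = "true";
                } else {
                    $retVal = JText::_('USER_PASS_FAILED');
                }
            }
        }

        if ($action === "sfucaptcha") {
            $captcha = self::getString("val1");
            $casesense = self::getString("val2");
            $mid = self::getString("mid");
            $captchaStored = "";
            if (isset($_SESSION["capString$mid"])) $captchaStored = $_SESSION["capString$mid"];
            else $retVal = JText::_('FAIL_REQUEST') . "\n\n[Session time-out]";
            if ($casesense === "1") {
                $captchaStored = strtoupper($captchaStored);
                $captcha = strtoupper($captcha);
            }
            if (strlen($captchaStored) > 0) {
                if ($captchaStored === $captcha) $retVal = "true";
                else $retVal = JText::_('FAULTY_CAPTCHA');
            } else {
                $retVal = JText::_('FAIL_REQUEST');
            }
        }

        if ($action === "sfukillsession") {
            $ses = session_destroy();
            if ($ses) $retVal = "Session destroyed";
            else $retVal = "Session still alive";
        }

        $app = JFactory::getApplication();
        echo $retVal;
        $app->close();
    }
}
?>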